YourIT, Inc.
https://www.youritok.com

Windows 10 May Soon Provide Option To Pause Updates
Mon, 21 Jan 2019 16:00:00 +0000
https://www.youritok.com/2019/01/21/windows-10-may-soon-provide-option-to-pause-updates/

Recent Windows 10 updates have been giving Microsoft's user base heartburn lately, with their tendency to delete files and cause at least as many problems as they solve. If you're among the frustrated ranks, good news is on the horizon.

The company is currently readying an update that will allow you to pause updates so that they no longer occur automatically.

To be sure, automatic updates are a good idea in principle, ensuring that your system is as safe and as protected as it can be. The sad reality is that in the absence of automatic updates, a significant percentage of the user base would either update very sporadically or not at all, which would expose them to a whole raft of dangers.

On the flip side, the recent spate of update troubles that Windows 10 users have been experiencing has left some users terrified of system updates and the prospect of lost data or other bugs.

Enterprise users have long had an option to delay automatic updates for up to 35 days, which is a window that gives business owners and the IT professionals working for them time to assess the potential impact of any update before it is applied across the corporate network. However, home users have been left out of the equation.

In a soon to be released update (19H1), however, that will be changing. The update is scheduled for release in April of this year and will allow users to delay updates for up to seven days. It's a feature that Windows Insiders can already take advantage of. If you're in the program and want to check it out, simply go to:

Settings - Update & Security - Windows Update

Once there, you'll find an option to pause the updates for up to seven days. Kudos to Microsoft for making the feature available to home users.

Passport And Credit Card Numbers Stolen In Marriott Hack
Sat, 19 Jan 2019 16:00:00 +0000
https://www.youritok.com/2019/01/19/passport-and-credit-card-numbers-stolen-in-marriott-hack/

Recently, Marriott Hotels informed the world that they had been the victims of a massive data breach. As it turns out, the breach was even more serious than was initially reported.

As the company has learned more from the ongoing investigation into the matter, they've been doing an admirable job at keeping the public updated, even if the details are cringe-worthy.

According to the latest information, the breach of the Starwood Preferred Guest database impacted up to 383 million travelers, which is fewer than the company's initial estimate of up to 500 million. Unfortunately, that's the only bit of good news.

While the company initially downplayed the amount of information that was taken, they're now saying that both credit card numbers and expiration dates were compromised. They underscored that the data was encrypted, but they also admit that they don't yet know if the components needed to decrypt the data in a timely fashion were also compromised. Even if they weren't, a determined hacker could still decrypt the information, putting every one of those card numbers at risk.

On top of that, the company has now confirmed that as many as 5.25 unencrypted passport numbers were taken, along with more than twenty million encrypted passport numbers.

If you're just hearing about this breach for the first time, the above is in addition to the company's initial report that more than 327 million guests had non-payment information stolen.

The initial report included:

Customer name

Address

Phone numbers

Email addresses

Dates they stayed at Marriott hotels, along with departure dates

SPG account information

Date of birth

Gender

Other Similar Data

In short, before the most recent update, it was a serious breach by any definition. The inclusion of payment and passport information makes it even more so, even if the total number of impacted users is less than was originally estimated.

Page Caches May Be Vulnerable To Attack
Fri, 18 Jan 2019 16:00:00 +0000
https://www.youritok.com/2019/01/18/page-caches-may-be-vulnerable-to-attack/

There's a new side channel attack to worry about. This one is after the target system's OS page cache, where a variety of sensitive data that has been accessed by the device's owner is stored for rapid retrieval. Perhaps the worst and most ominous aspect of this newly identified threat is the fact that it's not limited by hardware architecture, and has been found to work on both Windows and Linux-based machines.

This allows attackers to bypass sandboxes and other security protocols.

The research team is a motley collection of IT professionals hailing from Graz University of Technology, Boston University, NetApp, Intel, and CrowdStrike. They identified a number of possible ways a hacker might be able to use the newly identified attack vector and were even able (under certain conditions) to send data gleaned from the target system to a remote server.

The team pointed out that although they ran their tests on Windows and Linux machines, there's no reason to think their methodology wouldn't be successful on any other operating system currently in use today. This is a threat that potentially impacts the entire computing ecosystem. While many of the team's experiments required that the would-be hacker have physical access to the device, they were able to demonstrate that under certain conditions, a remote attack was also possible.

On this front, the team had the following to say:

"Our remote attack leverages timing differences between memory and disk access, measured on a remote system, as a proxy for the required local information."

They went on to explain that this could be achieved by measuring soft page faults, which happen any time a page is erroneously mapped. In this manner, the team was able to send data between the target system and a remote web server.

It should be noted that this attack has not been seen in the wild, but Microsoft, for one, is wasting no time addressing it. There's already a mitigation routine built into Windows Insider build 18305, and it's expected to be rolled out to the user base at large in the months ahead.

All that to say, it's dangerous, but not as devastating as it otherwise could be. Even so, it's something to keep on your radar.

High Quality Photos May Affect Facial Recognition On Some Phones
Thu, 17 Jan 2019 16:00:00 +0000
https://www.youritok.com/2019/01/17/high-quality-photos-may-affect-facial-recognition-on-some-phones/

One of the exciting new features offered by the latest smartphones is facial recognition, which allows users to unlock their devices simply by looking at them. On paper, it's a great feature and incredibly convenient, but there's a problem. The issue was uncovered by a non-profit group called the Dutch Consumentenbond, which tested more than a hundred smartphones offered by a broad spectrum of vendors.

Their findings were disturbing to say the least.

It seems that advances in technology have rendered the new facial recognition routines easily hacked. The group found that nearly 40 percent of the phones they tested could be unlocked by a hacker displaying a high-resolution photograph in front of the camera.

These photos are such high quality that they can fool the software designed to protect the user. This allows any hacker who has access to a high-resolution photo of the phone's owner complete and unfettered access to anything on the device. After all, as far as the phone is concerned, you're the one unlocking it!

Unfortunately, given the fact that most people these days are engaged on at least one social media platform, high-res photographs are incredibly easy to come by. Even if you're not personally engaged in social media on any platform, given the ubiquity of high-quality cameras on the smart devices available for sale today, it's incredibly easy to snap a picture of the owner of the phone either before or after the hacker has made off with it.

The issue here is twofold: First, a growing percentage of people do their banking and make a variety of purchases via their phones, meaning that all of the data associated with those accounts would be available to a hacker who stole the phone. Second, companies selling phones with the facial recognition unlock feature are touting it as highly secure, when it very clearly isn't, giving their user base a false sense of security.

Beware. Facial recognition unlock is much easier to hack than manufacturers are letting on!

Flaws In Several Adobe Products Could Let Attackers In
Wed, 16 Jan 2019 16:00:00 +0000
https://www.youritok.com/2019/01/16/flaws-in-several-adobe-products-could-let-attackers-in/

Two new critical flaws have been discovered in Adobe Acrobat and Reader that require your urgent attention.

In fact, the flaws were rated as so severe that the company broke with its tradition of releasing security updates around the middle of the month in coordination with Microsoft's "Patch Tuesday".

They released an update sooner this time, in order to make sure that these issues were resolved, and ensure the fixes were in the hands of their users.

The first issue, listed as CVE-2018-16011, is an exploit that takes advantage of the software's 'Use-After-Free' functionality that allows a hacker to craft a special, poisoned PDF embedded with code that could allow them to take full control of the system targeted by the attack.

The second, identified as CVE-2018-16018, bypasses the JavaScript API restrictions in place on Adobe Reader.

The flaws can be found in all versions of Windows, macOS Acrobat DC, and Reader 2019.010.20064 and older. The company recommends updating to version 2019.010.20069 to address the flaws and be sure your system is protected.

The company has listed both of these as critical flaws with a rating of two, which is about as serious as it gets.

In related news, we have learned that Adobe's regularly scheduled security patch will address a total of 87 security flaws across a range of the company's products, with 39 of the issues patched being rated as critical.

Kudos to Adobe for breaking with their tradition and addressing both of these flaws ahead of their regularly scheduled update. It's a sad testament to the times we live in that such actions are becoming increasingly necessary. However, it's always good to see instances of prominent tech companies rising to the occasion and looking out for the best interests of their user base.

Be sure to grab these updates and apply them as soon as feasible if you use either of the products mentioned above.

Adware Continues To Be A Major Issue On Android Devices
Tue, 15 Jan 2019 16:00:00 +0000
https://www.youritok.com/2019/01/15/adware-continues-to-be-a-major-issue-on-android-devices/

Google has been busy in recent weeks. They've removed a staggering 85 apps from their Play Store when they discovered that they were pushing highly aggressive adware to the users who downloaded them.

The apps the company removed were wearing a number of disguises, passing themselves off as everything from games, to remote control simulators, to streaming video services, and more. On occasion, they actually delivered at least some functionality to the user. Unfortunately, they also pushed an excessive number of full-screen ads and pop-ups.

Although Google has a fairly robust system in place designed to prevent such apps from winding up on the Play Store to begin with, a steady stream of malicious apps continues to make an appearance. Worse, the company didn't spot the ones they recently removed. Researchers at Trend Micro made the discovery, and informed Google.

To the company's credit, they responded immediately, but the damage had already been done. Taken together, the apps in question had already been downloaded more than nine million times by the time the company purged them from their system.

Even after notifying Google of their discovery, Trend Micro continued to test the apps they discovered and found that they came from a variety of different developers, although many of them shared the same, or at least highly similar code.

The two best strategies to avoid these kinds of apps are about as straightforward as it gets:

Do your due diligence and steer clear of any app that doesn't have stellar ratings and solid reviews.

Be sure you've got a good antivirus app on your device with ad blocking functionality.

If, even after following that advice, your system still winds up getting infected and you find yourself bombarded with unwanted ads, uninstall the offending app immediately.

Wannacry Ransomware Continues To Be A Problem For Some
Mon, 14 Jan 2019 16:00:00 +0000
https://www.youritok.com/2019/01/14/wannacry-ransomware-continues-to-be-a-problem-for-some/

It's been the better part of two years since the outbreak of the Wannacry ransomware epidemic. Unfortunately, all this time later, some companies are still dealing with the fallout. According to the latest research, Wannacry is still infecting hundreds of thousands of computers around the globe.

As grim as that sounds, it's not all bad news. After all, the malware has been rendered harmless by the now famous "kill switch" discovered by Kryptos Logic security researcher Marcus Hutchins, who found a glaring flaw in the design of the software. The flaw allowed him to register a domain and encode it with instructions that would keep the ransomware component of Wannacry from activating and actually encrypting files.

That, however, did nothing to get rid of the malicious code infecting legions of PCs around the world. Sadly, much of the code remains in place on infected machines, silently lurking in the background. Kryptos Logic is uniquely positioned to know, since they control the kill switch domain and have continued to monitor traffic to it since building the kill switch on it. To this day, their site continues to be pinged by new IP addresses as the now toothless infection continues to spread.

It's not hard to see why the removal of a piece of malware that has been rendered suddenly toothless takes a lower priority for busy and often harried IT security professionals. Leaving the code in place on infected machines is not without risk, however.

It is possible, however unlikely, that the hackers who built the program to begin with could find a way to get around the kill switch. If that should happen, then we'll be facing the full fury of the epidemic all over again, something no one in the field of digital security wants to contemplate.

The bottom line is simply this: If you were impacted by Wannacry when the outbreak initially occurred, it's worth double checking to make sure that all traces of the malicious code are gone from your network. Better safe than sorry.

New Internet Explorer Exploit Currently Being Used By Attackers
Sat, 12 Jan 2019 16:00:00 +0000
https://www.youritok.com/2019/01/12/new-internet-explorer-exploit-currently-being-used-by-attackers/

Are you still using Internet Explorer? Now you have a new reason to consider switching to a more up to date browser.

As most people know, Microsoft essentially gave up on Explorer after it failed to gain ground against its major competitors in the browser ecosystem. They started fresh, with Microsoft Edge, designed as a modern replacement.

Unfortunately, there are still legions of faithful IE users hanging on, and they are at risk. The company recently received a notification from Google's Threat Analysis Group alerting them to the presence of the flaw, which centers around the way the software's scripting engine handles objects in memory.

Worse, although the company did not provide any details, a separately published advisory on the topic made clear that this flaw has been seen in the wild and is actively being used by hackers.

The issue is so severe that Microsoft broke with its own policy and issued an emergency update to fix the flaw for IE holdout users. If, for whatever reason, you have yet to switch to some other browser, this is one security update you won't want to miss. You'll find it on the company's website indexed as CVE-2018-8653. The company has also made clear that there are no known workarounds for this issue, except to install the latest patch.

Ultimately, of course, the best solution would be to seriously consider migrating away from the use of Internet Explorer. Microsoft will likely continue to issue emergency patches as other issues are discovered. Unfortunately though, they have formally ended support for the product, so there's no guarantee. Every day you continue using the outdated browser, you put yourself at unnecessary and entirely avoidable risk.

If you haven't already got firm plans in place to migrate to some other browser, this is one more in a long list of compelling reasons to make it a priority.

New Amazon Order Confirmation Emails Could Be Phishing Attempts
Fri, 11 Jan 2019 16:00:00 +0000
https://www.youritok.com/2019/01/11/new-amazon-order-confirmation-emails-could-be-phishing-attempts/

According to Alexa, Amazon is the 4th most visited website in the United States and ranks 8th worldwide. To say that it gets a lot of traffic every day would be an understatement, which is why a newly discovered phishing campaign pretending to come from Amazon is so disturbing.

Although Amazon sees heavy traffic every day of the year, things get especially frenzied during the holidays as shoppers flock to the company's website to buy Christmas presents for friends and family. Scammers know this and seek to take advantage of unwary shoppers, thus the genesis of their latest campaign. The security firm EdgeWave has been monitoring the development of the campaign.

Scammers are sending out well-crafted, sophisticated emails that appear to come from Amazon, featuring subject lines designed to draw the attention of online shoppers, such as "Your Amazon.com Order" or "Your Amazon Order (order number) has shipped."

Naturally, if you've purchased something from Amazon, you'll be inclined to open the email to get more information. You'll then be presented with something that appears to be a legitimate order confirmation, although lacking in any specific details about the product.

In lieu of that, the scammers have placed an 'Order Details' button in the email, inviting users to click for additional information. Unfortunately, clicking the link downloads a Word document onto the user's device. If the user tries to open it, they'll get a message that says they need to enable content in order for the message to be properly displayed.

What this does in actuality though, is enable macros, which hackers and scammers have been using for years to inject malicious code onto PCs around the world, and sure enough, that's exactly what happens in this case.

EdgeWave researchers have tested the poisoned document and discovered that as the download begins, what is apparently being downloaded is a file called 'keyandsymbol.exe'. However, embedded in the code, they found references to mergedboost.exe.

By now, most people know better than to click links or open files, even when they seem to come from a trusted source. This latest campaign underscores the importance of ongoing education and friendly, periodic reminders.

Chromebook To Get Additional USB Security
Thu, 10 Jan 2019 16:00:00 +0000
https://www.youritok.com/2019/01/10/chromebook-to-get-additional-usb-security/

Google is taking additional steps to protect its Chromebook user base. Currently, if a hacker has physical access to your machine, he or she could insert a flash drive in the USB port and run malicious code from it.

The company is adding a new feature called USBGuard, which blocks USB port access any time the machine's screen is locked.

If you're not a Chromebook user, you may not be aware that Chrome OS is open source and the OS is web-based, which makes it a true innovation in the PC and smart device ecosystem. The new feature is currently available for testing and experimentation in Chrome OS Canary builds, and should be making an appearance in a stable release before the second quarter of 2019.

Once the feature is available, all you will need to do to use it is add the following flag:

chrome://flags/#enable-usbguard

That's all there is to it. It's a great feature addition that shows Google's commitment to the security of their user base, although in fairness, Google wasn't the first company to introduce something like this. That distinction goes to Apple. In 2018, the company introduced a similar update to iOS build 11.4.1 that required users to unlock their devices after an hour of inactivity before any USB port related activity would be allowed.

Although most home users have little to fear from physical access-based attacks, they pose a significantly greater risk to businesses of all shapes and sizes. The simple truth is that over the course of any given day, a whole host of people not employed by your company have access to your facilities, and by extension, your equipment.

Granted, most of these people have no malicious intent, but it's easy for a bad actor to slip in unnoticed, and few companies have robust measures in place to prevent or detect it. Something to think about.